/* * Copyright 2003 Federal Chancellery Austria * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; import iaik.pki.jsse.IAIKX509TrustManager; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Properties; import javax.activation.CommandMap; import javax.activation.MailcapCommandMap; import javax.mail.Session; import javax.net.ssl.SSLSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.logging.LoggingContext; import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; import at.gv.egovernment.moa.util.Constants; /** * Web application initializer * * @author Paul Ivancsics * @version $Id$ */ public class MOAIDAuthInitializer { /** a boolean identifying if the MOAIDAuthInitializer has been startet */ public static boolean initialized = false; /** * Initializes the web application components which need initialization: * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner. */ public static void initialize() throws ConfigurationException, PKIException, IOException, GeneralSecurityException { if (initialized) return; initialized = true; Logger.setHierarchy("moa.id.auth"); Logger.info("Default java file.encoding: " + System.getProperty("file.encoding")); //JDK bug workaround according to: // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier // register content data handlers for S/MIME types MailcapCommandMap mc = new MailcapCommandMap(); CommandMap.setDefaultCommandMap(mc); // create some properties and get the default Session Properties props = new Properties(); props.put("mail.smtp.host", "localhost"); Session session = Session.getDefaultInstance(props, null); // Restricts TLS cipher suites System.setProperty( "https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA"); // load some jsse classes so that the integrity of the jars can be // verified // before the iaik jce is installed as the security provider // this workaround is only needed when sun jsse is used in conjunction // with // iaik-jce (on jdk1.3) ClassLoader cl = MOAIDAuthInitializer.class.getClassLoader(); try { cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar } catch (ClassNotFoundException e) { Logger.warn(MOAIDMessageProvider.getInstance().getMessage( "init.01", null), e); } // Initializes SSLSocketFactory store SSLUtils.initialize(); // Initializes Namespace Map Constants.nSMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI); Constants.nSMap.put(Constants.ECDSA_PREFIX, "http://www.w3.org/2001/04/xmldsig-more#"); Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); // Loads the configuration AuthConfigurationProvider authConf = AuthConfigurationProvider.reload(); ConnectionParameter moaSPConnParam = authConf .getMoaSpConnectionParameter(); // If MOA-SP API calls: loads MOA-SP configuration and configures IAIK if (moaSPConnParam == null) { try { LoggingContextManager.getInstance().setLoggingContext( new LoggingContext("startup")); ConfigurationProvider config = ConfigurationProvider .getInstance(); new IaikConfigurator().configure(config); } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { throw new ConfigurationException("config.10", new Object[] { ex .toString() }, ex); } } // Initializes IAIKX509TrustManager logging String log4jConfigURL = System.getProperty("log4j.configuration"); if (log4jConfigURL != null) { IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); } // Initializes the Axis secure socket factory for use in calling the // MOA-SP web service if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) { SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, moaSPConnParam); AxisSecureSocketFactory.initialize(ssf); } // sets the authentication session and authentication data time outs String param = authConf .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY); if (param != null) { long sessionTimeOut = 0; try { sessionTimeOut = new Long(param).longValue(); } catch (NumberFormatException ex) { Logger .error(MOAIDMessageProvider .getInstance() .getMessage( "config.05", new Object[] { AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY })); } if (sessionTimeOut > 0) AuthenticationServer.getInstance() .setSecondsSessionTimeOut(sessionTimeOut); } param = authConf .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY); if (param != null) { long authDataTimeOut = 0; try { authDataTimeOut = new Long(param).longValue(); } catch (NumberFormatException ex) { Logger .error(MOAIDMessageProvider .getInstance() .getMessage( "config.05", new Object[] { AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY })); } if (authDataTimeOut > 0) AuthenticationServer.getInstance() .setSecondsAuthDataTimeOut(authDataTimeOut); } // Starts the session cleaner thread to remove unpicked authentication data AuthenticationSessionCleaner.start(); } }